The Constrained Application Protocol (CoAP)-Part 2

Khamdamboy Urunov, a Ph.D. student.,hamdamboy.urunov@gmail.com

CoAP Design Requirements

2

The CoAP Architecture

3http://www.slideshare.net/zdshelby/coap-tutorial

CoAP methods

4

CoAP feature uses: GET, POST, PUT, DELETE methods

GET Method

draft-ietf-core-coap-18., June 2013 : https://tools.ietf.org/pdf/draft-ietf-core-coap-18.pdf

The GET method retrieves a representation for the information that currently corresponds to the resource identified by the request URI. If the request includes an Accept Option, that indicates the preferred content-format of a response.

OneM2M protocol Binding: binding with CoAP

We can only send limited data with GET method and it’s sent in the header request URL whereas We can send large amount of data with POST because it’s part of the request body.

http://www.test.com/index.htm?name1=value1&name2=value2

Different pointone

5

CoAP methods (cont…)GET Method

Confirmable MessageSome messages require an acknowledgement. These

messages are called “Confirmable“;

When no packets are lost, each Confirmable message

elicits exactly one return message of type Acknowledgement

or type Reset.

http://www.slideshare.net/paolopat/io-t-protocols-landscape

6

CoAP methods (cont…)GET Method The Token Option

is an opaque sequence of 1-2 bytes which is used to match a request with a response is meant for use with asynchronous responses by this specification. the Token is generated by a client and included in a way that Token values currently in use are unique.

If a Token Option is included in a request, the response (and any subsequent delayed responses) MUST include the same value in a Token Option. If a Token Option is included in a request, any resulting delayed response SHOULD NOT include the URI option (for sake of efficiency) as the Token is sufficient for matching it with the request.

Tokens have the following rules:

https://tools.ietf.org/html/draft-ietf-core-coap-03#page-17

If a request does not include a Token option, the server MUST provide its ReST response within the transaction response. If it cannot do so (i.e., can only satisfy the request through an asynchronous response), it MUST respond with error "Token Option required by server (CoAP 240)". This option MUST NOT occur ore than once in a header.

7

CoAP methods (cont…)GET Method

Non-confirmable Message Some other messages do not require an acknowledgement. This is particularly true for messages that are repeated regularly for application requirements, such as repeated readings from a sensor.

Acknowledgement Message An Acknowledgement message acknowledges that a

specific Confirmable message arrived.

By itself, an Acknowledgement message does not indicate

success or failure of any request encapsulated in the

Confirmable message, but the Acknowledgement message

may also carry a Piggybacked Response.

8

The GET method is restricted to send upto 1024 characters only

Never use  GET  method if you have password or other sensitive information

to be sent to the server.

GET  can't be used to send binary data, like images or word documents, to

the server.

The data sent by  GET  method can be accessed using QUERY_STRING

environment variable.

The PHP provides $_GET associative array to access all the sent information

using  GET  method.

CoAP methods (cont…)GET Method

Pros and Cons Point

Reset Message A Reset message indicates that a specific message (Confirmable or Non-confirmable) was received,

but some context is missing to properly process it.

This condition is usually caused when the receiving node has rebooted and has forgotten some state that would be

required to interpret the message.

Provoking a Reset message (e.g., by sending an Empty Confirmable message) is also useful as an inexpensive check

of the liveness of an endpoint ("CoAP ping").

9

CoAP methods (cont…)POST Method

The POST method is used to request the server to create a new subordinate resource under the requested parent URI.

If a resource has been created on the server, the response SHOULD be 201 (Created) including the

URI of the new resource in a Location Option with any possible status in the message body. If the POST succeeds but does not result in a new resource being created on the server, a 200 (OK) response code SHOULD be returned.

Client Server

CON [ox1c] POST/ light Token: 0x33

ACK [ox1c] POST/ 201 Create 58.2; Token: 0x33

POST can transfer data securely to server, it can transfer large data and should be used to send data to server;

10

GET  POST History Parameters remain in browser history

because they are part of the URLParameters are not saved in browser history.

Bookmarked Can be bookmarked. Cannot be bookmarked.BACK button/re-submit behaviour

GET requests are re-executed but may not be re-submitted to server if the HTML is stored in the browser cache.

The browser usually alerts the user that data will need to be re-submitted.

Encoding type (ectype attribute)

application/x-www-form-urlencoded multipart/form-data or application/x-www-form-urlencoded Use multipart encoding for binary data.

Parameters can send but the parameter data is limited to what we can stuff into the request line (URL). Safest to use less than 2K of parameters, some servers handle up to 64K

Can send parameters, including uploading files, to the server.

Hacked Easier to hack for script kiddies More difficult to hackRestrictions on form data type

Yes, only ASCII characters allowed. No restrictions. Binary data is also allowed.

Security GET is less secure compared to POST because data sent is part of the URL. So it's saved in browser history and server logs in plaintext.

POST is a little safer than GET because the parameters are not stored in browser history or in web server logs.

Restrictions on form data length

Yes, since form data is in the URL and URL length is restricted. A safe URL length limit is often 2048 characters but varies by browser and web server.

No restrictions

Usability GET method should not be used when sending passwords or other sensitive information.

POST method used when sending passwords or other sensitive information.

Visibility GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send.

POST method variables are not displayed in the URL.

Cached Can be cached Not cached

PUT

11

The PUT method requests that the resource identified by the request URI be updated or created with the enclosed message body.

If a resource exists at that URI the message body SHOULD be considered a modified version of that resource, and a 200 (OK) response SHOULD be returned.

If no resource exists then the server MAY create a new resource with that URI, resulting in a 201 (Created) response.

If the resource could not be created or modified, then an appropriate error response code SHOULD be sent. Responses to this method are not cacheable.

CoAP methods (cont…)

 PUT:- Used when the client is sending a replacement document or uploading a new document to the Web server under the request URL

• The DELETE method requests that the resource identified by the request URI be deleted.

• The response 200 (OK) SHOULD be sent on success. • Responses to this method are not cacheable.

12

DELETECoAP methods (cont…)

DELETE:- Used when the client is trying to delete a document from the Web server, identified by the request URL.

Code status

13

Example

14

CoAP & OneM2M

15

CoAP Feature

16

CoAP Feature ElementsEmbedded web transfer protocol

(coap://)

Asynchronous transaction modelUDP binding with reliability and multicast supportmethods GET, POST, PUT, DELETE support URIheader Small, simple 4 byte DTLS based PSK, RPK and Certificate

securitySubset of MIME types and HTTP response codesBuilt-in discoveryOptional observation and block transfer

17

What CoAP is (and is not)

CoAP is CoAP is notA very efficient RESTful protocol

A general replacement for HTTP

Ideal for constrained devices and networks

HTTP compression

Specialized for M2M applications

Restricted to isolated “automation” networks

Easy to proxy to/from HTTP

CoAP messages are encoded in a simple binary format. The Message Header (4 bytes).The variable-length token value 0 and 8 bytes long.

18

Ver - Version (1) 2 bit unsigned integer . Implementations of this field to 1 (01 binary).

T – Message Type 2- bit unsigned integer. (Confirmable, Non-Confirmable, Acknowledgement, Reset).

TKL- Token Length 4-bit unsigned integer. Indicates the length of the variable-length Token field (0-8 bytes).

Code – 8-bit unsighted integer. 3 bit class(most signification bits). 5 bits detail (least significant bits).

Request Method (1-10) or Response Code (40-255)

Message ID – 16-bit identifier for matching responses

Token – Optional response matching token

Message Format

Standards Track RFC 7252 June, 2014

Option Format

19

Option Delta - Difference between this option type and the previous.

4 bit unsigned integer. A value between 0 and 12 indicates the Optional Delta.

Length - Length of the option value

4 bit unsigned integer. A value between 0 and 12 indicates the length of the Optional Value, in bytes.

Value - The value of Length bytes immediately follows Length

CoAP defined a number of options that can be included in a message.

Base Specification Options

20

The Uri-Host Option specifies the Internet host of the resource being requested.

The Uri-Post Option specifies the transport-layer port number of the resource

The Uri-Path Option specifies one segment of the absolute path to the resource

The Uri-Query Option specifies one argument parameterizing the resource

Caching

21

• CoAP includes a simple caching modelCache ability determined by response code

An option number mask determines if it is a cache key

• Freshness modelMax-Age option indicates cache lifetime

• Validation modelValidity checked using the Etag Option

• A proxy often supports cachingUsually on behalf of a constrained node,

a sleeping node,

or to reduce network load

Proxying and caching

22

Observation

23

COAP Observation

PROBLEM: REST paradigm is often “PULL” type, that is, data is obtained by issuing an explicit request

Information/data in WSN is often periodic/

triggered (e.g., get me a temperature sample every

2 seconds or get me a warning if temperature goes

below 5°C)

SOLUTION: use Observation on COAP resources

Block transfer

24

COAP Block Transfer

PROBLEM:

avoid segmentation in the lower layers

(IPv6)

SOLUTION:

COAP Block Transfer Mode n brings up

fragmentation at the application layer

Getting Started with CoAP

25

• There are many open source implementations available

Java CoAP Library Californium

C CoAP Library Erbium

libCoAP C Library

jCoAP Java Library

OpenCoAP C Library

TinyOS and Contiki include CoAP support

• CoAP is already part of many commercial products/systems

Sensinode NanoService

RTX 4100 WiFi Module

• Firefox has a CoAP plugin called Copper

• Wireshark has CoAP dissector support

• Implement CoAP yourself, it is not that hard!

Resource Discovery

26

• Service Discovery

What services are available in the first place?

Goal of finding the IP address, port and protocol

Usually performed by e.g. DNS-SD when DNS is available

• Resource Discovery

What are the Web resources I am interested in?

Goal of finding URIs

Performed using Web Linking or some REST interface

CoRE Link Format is designed to enable resource discovery

GOAL: Discovering the links hosted by CoAP (or HTTP) servers

GET /.well-known/core?optional_query_string

Resource Directory

27

• CoRE Link Format only defines

The link format

Peer-to-peer discovery

• A directory approach is also useful

Supports sleeping nodes

No multicast traffic, longer battery life

Remote lookup, hierarchical and federated distribution

• The CoRE Link Format can be used to build Resource Directories

Nodes POST (register) their link-format to an RD

Nodes PUT (refresh) to the RD periodically

Nodes may DELETE (remove) their RD entry

Nodes may GET (lookup) the RD or resource of other nodes

Resource Directory

28

CoRE Interfaces

29

• CoRE Interfaces [draft-shelby-core-interfaces]A paradigm for REST profiles made up of function setsSimple interface types

• Thank you !

30